Vulnerable-AD is a PowerShell toolkit that automates the creation of a deliberately insecure Active Directory domain for hands-on labs and testing. It builds a domain controller (or augments an existing AD installation) with a variety of common misconfigurations and intentional weaknesses so practitioners can exercise attack techniques such as Kerberoast, AS-REP roast, DCSync, Pass-the-Hash, Silver/Golden Ticket attacks, and more. The project can create user objects with default or weak passwords, inject passwords into object descriptions, disable SMB signing, and manipulate ACLs to reproduce real-world privilege escalation and persistence scenarios. A convenience wrapper and examples make it straightforward to deploy in a local lab: you can install AD services, run the script on a domain controller, and generate hundreds of vulnerable accounts and conditions for testing. The repository emphasizes full coverage of the listed attack types and includes options to randomize which weakness
Features
- One-command lab bootstrap that installs AD roles and seeds vulnerable objects
- Randomized vulnerability generation so each deployment presents different attack paths
- Preconfigured scenarios for popular attacks: Kerberoasting, AS-REP, DCSync, Pass-the-Hash, Silver/Golden Tickets
- Options to create users with default passwords and inject credentials into object descriptions for easy discovery
- Configurable scope (number of users, groups, and workstations) to scale lab complexity
- Safe-use guidance and explicit warnings to restrict execution to isolated lab environments
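
As an added example (not code from the Vulnerable-AD project), the PowerShell below audits user objects for three of the seeded weaknesses named above: disabled Kerberos pre-authentication, SPNs on user accounts, and credential-like text in descriptions. The function name `Find-SeededWeakness`, the description regex, and the sample accounts are assumptions constructed for illustration.

```powershell
# Added example: defender-side audit of user objects in a lab domain.
# Find-SeededWeakness is a hypothetical helper, not part of Vulnerable-AD.
function Find-SeededWeakness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    begin {
        # Heuristic (assumption): description text that looks like it carries a credential.
        $credPattern = '(?i)\b(pass(word|wd)?|pwd|cred(ential)?s?)\b'
    }
    process {
        $findings = @()
        if ($User.DoesNotRequirePreAuth) {
            $findings += 'AS-REP roastable: Kerberos pre-authentication disabled'
        }
        # krbtgt carries the kadmin/changepw SPN by default, so it is skipped here.
        $spns = @($User.ServicePrincipalName | Where-Object { $_ })
        if ($spns.Count -gt 0 -and $User.SamAccountName -ne 'krbtgt') {
            $findings += 'Kerberoastable: SPN set on a user account'
        }
        if ($User.Description -match $credPattern) {
            $findings += 'Possible credential in description'
        }
        foreach ($f in $findings) {
            [pscustomobject]@{ SamAccountName = $User.SamAccountName; Finding = $f }
        }
    }
}

# Constructed sample objects shaped like Get-ADUser output, so the block runs offline.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc.sql'; DoesNotRequirePreAuth = $false
                       ServicePrincipalName = @('MSSQLSvc/db01.lab.local:1433')
                       Description = 'SQL service account' }
    [pscustomobject]@{ SamAccountName = 'j.doe'; DoesNotRequirePreAuth = $true
                       ServicePrincipalName = @()
                       Description = 'Temp password: ChangeMe123' }
    [pscustomobject]@{ SamAccountName = 'a.smith'; DoesNotRequirePreAuth = $false
                       ServicePrincipalName = @()
                       Description = 'Finance analyst' }
)
$sample | Find-SeededWeakness | Format-Table -AutoSize

# Against an isolated lab domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties Description,ServicePrincipalName,DoesNotRequirePreAuth |
#     Find-SeededWeakness
```

With the constructed sample, `svc.sql` is reported once (SPN), `j.doe` twice (pre-authentication and description), and `a.smith` not at all.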